Backport #27844 by @nodiscc This documents running `act-runner` as a systemd service under a dedicated user account. Co-authored-by: nodiscc <nodiscc@gmail.com>
This commit is contained in:
parent
6637bbf510
commit
352906b448
1 changed files with 34 additions and 0 deletions
|
@ -268,6 +268,40 @@ The runner will fetch jobs from the Gitea instance and run them automatically.
|
||||||
|
|
||||||
Since act runner is still in development, it is recommended to check the latest version and upgrade it regularly.
|
Since act runner is still in development, it is recommended to check the latest version and upgrade it regularly.
|
||||||
|
|
||||||
|
## Systemd service
|
||||||
|
|
||||||
|
It is also possible to run act-runner as a [systemd](https://en.wikipedia.org/wiki/Systemd) service. Create an unprivileged `act_runner` user on your system, and the following file in `/etc/systemd/system/act_runner.service`. The paths in `ExecStart` and `WorkingDirectory` may need to be adjusted depending on where you installed the `act_runner` binary, its configuration file, and the home directory of the `act_runner` user.
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[Unit]
|
||||||
|
Description=Gitea Actions runner
|
||||||
|
Documentation=https://gitea.com/gitea/act_runner
|
||||||
|
After=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml
|
||||||
|
ExecReload=/bin/kill -s HUP $MAINPID
|
||||||
|
WorkingDirectory=/var/lib/act_runner
|
||||||
|
TimeoutSec=0
|
||||||
|
RestartSec=10
|
||||||
|
Restart=always
|
||||||
|
User=act_runner
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
```
|
||||||
|
|
||||||
|
Then:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# load the new systemd unit file
|
||||||
|
sudo systemctl daemon-reload
|
||||||
|
# start the service and enable it at boot
|
||||||
|
sudo systemctl enable act_runner --now
|
||||||
|
```
|
||||||
|
|
||||||
|
If using Docker, the `act_runner` user should also be added to the `docker` group before starting the service. Keep in mind that this effectively gives `act_runner` root access to the system [[1]](https://docs.docker.com/engine/security/#docker-daemon-attack-surface).
|
||||||
|
|
||||||
## Configuration variable
|
## Configuration variable
|
||||||
|
|
||||||
You can create configuration variables on the user, organization and repository level.
|
You can create configuration variables on the user, organization and repository level.
|
||||||
|
|
Loading…
Reference in a new issue